Semi-Markov-Based Security Effectiveness Evaluation And Defense Decision-Making For Dynamic Platform Techniques

As computer network systems become larger and more complex,there are more security vulnerabilities in network systems.Besides security vulnerabilities,attack patterns are also more advanced nowadays.The network system as a defender,fights fiercely against the adversary to resist security threats.In the network attack-defense confrontation,the defender has long been in a passive defense situation with asymmetric information and costs.To reverse this situation,moving target defense emerges as an active defense mechanism.By introducing dynamic,randomization and diversity mechanisms into the network system,moving target defense constantly changes the attack surface and increases the difficulty of successful attack,thereby improving the security of the system.In the research field of security effectiveness evaluation and defense decision-making for moving target defense,there have been a large number of research results,but the existing security effectiveness evaluation models cannot quantitatively analyze the scenarios where the attack duration follows a general distribution;and the existing defense decision-making methods cannot be used in quantifying time-dependent cumulative rewards as well as allowing the defender to make decisions at random times.For the system that deploys platform-level moving target defense techniques —dynamic platform techniques,this thesis aims to construct a security effectiveness evaluation model for dynamic platform techniques and design a migration defense strategy that jointly optimizes operational benefits,security and cost of the system,under the condition that the attack duration and service migration duration follow the general distribution.The main contributions of this thesis are as follows:(1)Constructing a security effectiveness evaluation model for dynamic platform techniques based on semi-Markov processFirstly,towards the system that deploys dynamic platform techniques,the multi-stage attack it may suffer is modeled as a cyber kill chain,and the random migration strategy of dynamic platform techniques is defined.Then,the interaction between continuous multi-stage attack,dynamic platform techniques and the running service on the platform are accurately described to construct a semi-Markov model.Formulas of the service security and security risk are deduced,which measure the system security by the probability of the successful attack and the probability of coexistence of the attack and service on the same platform.Finally,numerical analytical experiments are used to evaluate the effects of different numbers of platforms,migration rates and attack power on the security effectiveness of dynamic platform techniques.(2)Proposing a migration defense strategy that jointly optimizes operational benefits,security and cost of the systemThis thesis combines the detection-based passive defense mechanism with dynamic platform techniques to give the defender the ability to make defense decisions based on detected abnormal behaviors.To quantify the security loss caused by attacks and the time-dependent operational benefit,different values of security levels and operational efficiencies of heterogeneous platforms are introduced into the model.Combined with the cost of service migration and the energy loss of maintaining the system operation,these four parts of rewards are defined as the reward function.A semi-Markov decision process-based migration decision method is proposed,whose migration strategy that jointly optimizes system operational benefits,security and cost is determined by the value iteration algorithm.Experiments are carried out to demonstrate the effectiveness of the migration strategy based on semi-Markov decision and investigate the effects of different numbers of platforms,migration times and migration costs on the system reward and migration decision.